Empty SNI names are not valid

While empty inputs to SSL_set1_host() clear the reference identifier list. Reviewed-by: Rich Salz <rsalz@openssl.org>
2025-04-06 20:20:50 +08:00 · 2016-01-16 12:57:24 -05:00 · 2016-01-16 12:57:24 -05:00 · 0982ecaaee
commit 0982ecaaee
parent ecdd0ff733
2 changed files with 6 additions and 3 deletions
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@ -92,11 +92,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
     * Refuse names with embedded NUL bytes, except perhaps as final byte.
     * XXX: Do we need to push an error onto the error stack?
     */
-    if (namelen == 0)
+    if (namelen == 0 || name == NULL)
        namelen = name ? strlen(name) : 0;
    else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
        return 0;
-    if (name && name[namelen - 1] == '\0')
+    if (namelen > 0 && name[namelen - 1] == '\0')
        --namelen;

    if (mode == SET_HOST) {
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -3534,13 +3534,16 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 #endif                          /* !OPENSSL_NO_EC */
    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
        if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
            OPENSSL_free(s->tlsext_hostname);
            s->tlsext_hostname = NULL;

            ret = 1;
            if (parg == NULL)
                break;
-            if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                return 0;
            }